Lessons Learned at Gartner Identity and Access Management Summit 2017
More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security.
The event presented the Core Security team with a great opportunity to spend quality time with some of our customers and partners, make new connections, and of course, hear from Gartner about the state of the industry today and predictions for the future. Here are some of our takeaways from the event:
Technology convergence creates opportunities but also creates more risk
Rapid technology innovation has led to rapid change. The pace of that change, driven by companies rapidly shifting to cloud services and decentralized networks, is outpacing the ability of companies and people to adapt to it. As everyone is moving so quickly, organizations are becoming silos of isolated internal groups. This leads to communication gaps between departments, divisions, and disciplines, opening the company up to duplication of effort at best, and at worst, greater risk incurred due to lack of common security protocols.
The future of IAM is already here
The “future” IAM scenario is happening now. Authentication, access management, ID proofing, fraud detection, and user and entity behavior analytics (UEBA) are all converging. (Underlining how quickly technology has advanced, a mere two years ago, that “e” wasn’t even in the acronym.)
Using the slogan “Devices are People Too,” Gartner analysts drove home the fact that the need for authentication now goes beyond traditional users. With the advent of the Internet of Things IoT - or the Internet of Everything, as it’s also now being called – devices also require authentication. This is easy enough for consumer-grade IoT devices, but for enterprises this will require more advanced solutions to manage industrial automation, physical asset (building) access, and any systems that processes sensor inputs.
The #1 term people search for on Gartner.com right now is blockchain. Blockchain and the web are coming together, and decentralized identity systems stand to be a primary beneficiary with a ledger-based identity model that makes assertions for least-privilege access at the right time.
As exciting as blockchain is, machine learning is even more consequential. Gartner estimates that by 2022, one-third of all IAM processing will be AI-driven, with identity security automation. Similar to blockchain, this is all about least privilege at the right time. Data breach fatigue is leading companies to look beyond the password. Sound familiar?
Don’t forget about process
In today’s age of General Data Protection Regulation (GDPR) and countless other regulatory-related acronyms, it’s easy to lose sight of the fact that at heart, global regulatory compliance (GRC) is about risk management and business risk continues to increase with each passing day. However, time-to-value is equally important for business growth. As a result, GRC is now giving way to integrated risk models that seek to simplify, automate, and integrate in order to achieve the desired outcome: balancing risk with business enablement.
Disruption opens the door for new leadership
The IAM sector is undergoing a major realignment that will define new leaders. While emerging technologies and technology convergence are creating an environment where identity and access management solutions are a requirement, not a luxury, people still want to have choices for those solutions.
We believe that change is the future for IAM, and believe in embracing that change – and helping our customers stay secure and avoid risk regardless of the landscape around them. As the industry’s first identity-based security automation platform, Core Security enables customers to combine network and vulnerability data with identity controls – which was validated at last week as key to the evolution of IT security.